ocserv integration improvements with load-balancers

From our testing, I am seeing two issues when performing rolling upgrades of a cluster of ocserv nodes behind a load-balancer:

  1. Load-balancer's concept of the node being down lags the node by the TCP probe interval.
  2. Load-balancer sees the node as up, even when the node has max connections.

The first shows up as an issue when the node is being taken down for upgrade. After the node is stopped, the load-balancer continues to send traffic to the node for the TCP probe interval (5s in my configuration). These connections fail because the server is already stopped.

The second shows up when a node reaches maximum connection capacity. The node continues to accept, then close TCP connections, so the TCP probe reports that the node is healthy / up.

Proposed changes:

  1. Provide a cooling off time on graceful shutdown. First the node stops accepting new connections, then after N seconds it terminates existing connections.
  2. When the node reaches maximum connections, instead of accept/close on the incoming connections, simply don't accept the connection.

With these two changes, the node will better signal to the load-balancer, allowing it to route connections to nodes that can accept them.
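
An added illustration of the first proposed change (not ocserv code and not part of the original report): on loopback, a TCP probe succeeds while the listener is open, is refused as soon as the listening socket is closed, and an already-established connection keeps passing data during the cooling-off window. Closing the listening socket is an assumption about how "stops accepting new connections" is done; `open_listener`, `tcp_probe` and `drain_demo` are hypothetical names.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical helper: loopback listener on an ephemeral port. */
static int open_listener(struct sockaddr_in *a)
{
    socklen_t len = sizeof(*a);
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    memset(a, 0, sizeof(*a));
    a->sin_family = AF_INET;
    a->sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    if (fd < 0 || bind(fd, (struct sockaddr *)a, len) < 0 ||
        listen(fd, 16) < 0 || getsockname(fd, (struct sockaddr *)a, &len) < 0)
        return -1;
    return fd;
}

/* What a load-balancer TCP probe does: 1 if connect() succeeds. */
static int tcp_probe(const struct sockaddr_in *a)
{
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    int up = fd >= 0 && connect(fd, (const struct sockaddr *)a, sizeof(*a)) == 0;
    if (fd >= 0) close(fd);
    return up;
}

/* Result bits: 1 = probe up before drain, 2 = probe up during drain, 4 = session alive. */
int drain_demo(void)
{
    struct sockaddr_in a;
    char buf[4] = {0};
    int r = 0, lfd = open_listener(&a);
    int cfd = socket(AF_INET, SOCK_STREAM, 0);
    if (lfd < 0 || cfd < 0 || connect(cfd, (struct sockaddr *)&a, sizeof(a)) < 0)
        return -1;
    int sfd = accept(lfd, NULL, NULL);      /* one established session */
    if (tcp_probe(&a)) r |= 1;              /* listener open: node looks up */
    close(lfd);                             /* drain starts: stop listening */
    if (tcp_probe(&a)) r |= 2;              /* connect() is now refused */
    if (sfd >= 0 && send(cfd, "ping", 4, 0) == 4 &&
        recv(sfd, buf, 4, MSG_WAITALL) == 4 && memcmp(buf, "ping", 4) == 0)
        r |= 4;                             /* existing session unaffected */
    close(cfd); close(sfd);                 /* after N seconds: end sessions */
    return r;
}

int main(void) { return drain_demo() == 5 ? 0 : 1; }
```

The probe that succeeds before the drain is never passed to `accept()`: the kernel completes handshakes into the listen backlog on its own, so a listener that stays open can still look healthy to a TCP probe.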